Create User to Use S3 API with Restricted Permissions

Question

I use AWS S3 API to upload files to some buckets, however, I need to create a new user that only has permission to upload to certain buckets and only through restricted IPs, other IPs should be blocked. Another permission I need is to delete objects, but only from an allowed IP.

Regarding the download, anyone on the internet can access this file (if they have the link).

The problem is that I think I found some articles that would help me with this issue, but they don't tell me exactly which menu within the AWS Console I should access to be able to perform these actions.

For example, this link ([https://docs.aws.amazon.com/AmazonS3/latest/userguide/access-policy-language-overview.html]()) seems to talk about how to restrict the access to a bucket, but it doesn't tell me exactly which location/menu in the console I use to access this setting.

TLDR: What is the path/menu in the Console to set Policies and Permissions in Amazon S3 on a bucket in S3?

Accepted Answer

Access to S3 buckets and their objects is determined, with some simplification, by the S3 bucket policy and the IAM permissions assigned to the user accessing them.

You can find the S3 bucket policy it in the permissions tab of your bucket; the deep link for editing the bucket policy is something like:
https://s3.console.aws.amazon.com/s3/bucket//property/policy/edit?region=

For creating a user and assigning permissions, you should use IAM https://your-region.console.aws.amazon.com/iamv2/home
Users have their own IAM policies and you should grant explicit access to those actions on the buckets you're referring to.

Create User to Use S3 API with Restricted Permissions

相關內容